[libvirt PATCH v3] cgroup/LXC: Do not condition availability of v2 by controllers

Michal Koutný mkoutny at suse.com
Mon Oct 24 15:52:04 UTC 2022


(Sorry for a stitched mail below, I'm not subscribed to the ML so this is
what I got from public archives. Please, keep me Cced.)

On 10/24/22 13:54, Pavel Hrdina wrote:
> I don't like this at all and IMO this is incorrect fix of the issue you
> are trying to address. In hybrid mode with systemd the cgroup v2
> controller is not a real controller. It's something systemd uses for
> process tracking and some other features. It is owned by systemd and we
> should not touch it directly at all. 

I very much agree with this. Despite that I suggested the posted patch
[1] because libvirt/lxc apparently violates systemd rules of exclusive
access to cgroup hierarchies already. (At least that's how I understand
the migration between libvirtd.service and target
machine.slice/.../*.scope.) The patch is meant as a quick (and
admittedly dirty) fix to the issue that users have been reporting with
libvirt/lxc in the hybrid mode for several months.

> We need to use proper systemd APIs to make any changes to that
> directory or if needed ask systemd to create cgroup with Delegate=yes
> which in this case is probably also not the correct approach.

Yes, as I wrote in the commit message, there seems to be some
inconsistency in what libvirt core vs libvirt/lxc uses to access
cgroups. Using always systemd API would seem most consistent but I'd
retain the current patch as a workaround provided it doesn't break
things more (than the current state). 

On 10/24/22 13:28, Pavel Hrdina wrote:
> What I've seen is that hybrid systemd environments have:
>     /sys/fs/cgroup/unified
>     /sys/fs/cgroup/memory
>     /sys/fs/cgroup/blkio
>     ...
> but it doesn't mean that it is mounted in V1 cgroup filesystem.
> In this case the /sys/fs/cgroup is tmpfs filesystem and there is nothing
> mounted over V1.

As a more detailed explanation why the reversed order works:
It relies on the tmpfs mount over the ro-path in the v1
virCgroupBindMount so that ../unified mount directory can be created
for the v2 mount.

(IIUC, this is related to the environment inside the container where
libvirt/lxc attempts to prepare hybrid-like cgroup setup.)


[1] v1 in https://bugzilla.opensuse.org/show_bug.cgi?id=1183247#c35
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 228 bytes
Desc: Digital signature
URL: <http://listman.redhat.com/archives/libvir-list/attachments/20221024/5187cd29/attachment.sig>

More information about the libvir-list mailing list